aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/ipv4/esp4.c11
-rw-r--r--net/ipv6/esp6.c11
2 files changed, 12 insertions, 10 deletions
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 1b5a09d1b90b..e911c6dd8296 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -5,6 +5,7 @@
5#include <net/esp.h> 5#include <net/esp.h>
6#include <asm/scatterlist.h> 6#include <asm/scatterlist.h>
7#include <linux/crypto.h> 7#include <linux/crypto.h>
8#include <linux/kernel.h>
8#include <linux/pfkeyv2.h> 9#include <linux/pfkeyv2.h>
9#include <linux/random.h> 10#include <linux/random.h>
10#include <net/icmp.h> 11#include <net/icmp.h>
@@ -42,10 +43,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
42 esp = x->data; 43 esp = x->data;
43 alen = esp->auth.icv_trunc_len; 44 alen = esp->auth.icv_trunc_len;
44 tfm = esp->conf.tfm; 45 tfm = esp->conf.tfm;
45 blksize = (crypto_tfm_alg_blocksize(tfm) + 3) & ~3; 46 blksize = ALIGN(crypto_tfm_alg_blocksize(tfm), 4);
46 clen = (clen + 2 + blksize-1)&~(blksize-1); 47 clen = ALIGN(clen + 2, blksize);
47 if (esp->conf.padlen) 48 if (esp->conf.padlen)
48 clen = (clen + esp->conf.padlen-1)&~(esp->conf.padlen-1); 49 clen = ALIGN(clen, esp->conf.padlen);
49 50
50 if ((nfrags = skb_cow_data(skb, clen-skb->len+alen, &trailer)) < 0) 51 if ((nfrags = skb_cow_data(skb, clen-skb->len+alen, &trailer)) < 0)
51 goto error; 52 goto error;
@@ -307,13 +308,13 @@ static u32 esp4_get_max_size(struct xfrm_state *x, int mtu)
307 u32 blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); 308 u32 blksize = crypto_tfm_alg_blocksize(esp->conf.tfm);
308 309
309 if (x->props.mode) { 310 if (x->props.mode) {
310 mtu = (mtu + 2 + blksize-1)&~(blksize-1); 311 mtu = ALIGN(mtu + 2, blksize);
311 } else { 312 } else {
312 /* The worst case. */ 313 /* The worst case. */
313 mtu += 2 + blksize; 314 mtu += 2 + blksize;
314 } 315 }
315 if (esp->conf.padlen) 316 if (esp->conf.padlen)
316 mtu = (mtu + esp->conf.padlen-1)&~(esp->conf.padlen-1); 317 mtu = ALIGN(mtu, esp->conf.padlen);
317 318
318 return mtu + x->props.header_len + esp->auth.icv_trunc_len; 319 return mtu + x->props.header_len + esp->auth.icv_trunc_len;
319} 320}
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 9b27460f0cc7..0c7d7b42c80b 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -31,6 +31,7 @@
31#include <net/esp.h> 31#include <net/esp.h>
32#include <asm/scatterlist.h> 32#include <asm/scatterlist.h>
33#include <linux/crypto.h> 33#include <linux/crypto.h>
34#include <linux/kernel.h>
34#include <linux/pfkeyv2.h> 35#include <linux/pfkeyv2.h>
35#include <linux/random.h> 36#include <linux/random.h>
36#include <net/icmp.h> 37#include <net/icmp.h>
@@ -66,10 +67,10 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
66 67
67 alen = esp->auth.icv_trunc_len; 68 alen = esp->auth.icv_trunc_len;
68 tfm = esp->conf.tfm; 69 tfm = esp->conf.tfm;
69 blksize = (crypto_tfm_alg_blocksize(tfm) + 3) & ~3; 70 blksize = ALIGN(crypto_tfm_alg_blocksize(tfm), 4);
70 clen = (clen + 2 + blksize-1)&~(blksize-1); 71 clen = ALIGN(clen + 2, blksize);
71 if (esp->conf.padlen) 72 if (esp->conf.padlen)
72 clen = (clen + esp->conf.padlen-1)&~(esp->conf.padlen-1); 73 clen = ALIGN(clen, esp->conf.padlen);
73 74
74 if ((nfrags = skb_cow_data(skb, clen-skb->len+alen, &trailer)) < 0) { 75 if ((nfrags = skb_cow_data(skb, clen-skb->len+alen, &trailer)) < 0) {
75 goto error; 76 goto error;
@@ -238,13 +239,13 @@ static u32 esp6_get_max_size(struct xfrm_state *x, int mtu)
238 u32 blksize = crypto_tfm_alg_blocksize(esp->conf.tfm); 239 u32 blksize = crypto_tfm_alg_blocksize(esp->conf.tfm);
239 240
240 if (x->props.mode) { 241 if (x->props.mode) {
241 mtu = (mtu + 2 + blksize-1)&~(blksize-1); 242 mtu = ALIGN(mtu + 2, blksize);
242 } else { 243 } else {
243 /* The worst case. */ 244 /* The worst case. */
244 mtu += 2 + blksize; 245 mtu += 2 + blksize;
245 } 246 }
246 if (esp->conf.padlen) 247 if (esp->conf.padlen)
247 mtu = (mtu + esp->conf.padlen-1)&~(esp->conf.padlen-1); 248 mtu = ALIGN(mtu, esp->conf.padlen);
248 249
249 return mtu + x->props.header_len + esp->auth.icv_full_len; 250 return mtu + x->props.header_len + esp->auth.icv_full_len;
250} 251}